示例中的公钥和私钥可以用网上的在线工具生成(仅用于演示;正式环境的密钥应在本地生成,私钥不要经过第三方网站)。
1.客户端
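// Client side: build the request parameters, sign them with the shared secret,
// then RSA-encrypt the whole query string with the server's public key.
// NOTE(review): the key header looks like a 2048-bit RSA key; confirm.
$public = "-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0MzngAZ2SOk1FmEa4WOu
zf/lGAAkxn/vCfSdQ6vq7+pReOaGZhPe0OoEgtlePInhz3mNFGnAMJtk3anqK3o1
ZapMGuDWeESM+akOI9jRQpWZNAM5q5oLAE/dAoRUwVamHPewJM2f19LcqY2UDd3Q
mK82RynK2f6zaYu6qdl3N7uysHwnKJVE8AuK2iQ0BDKfTQJuK3QVwW9jOsR6KWiG
a4I4ID3XL+wn0ACCdg1lVmT33N1aeVHGXaiONK8UXybAyYKVZp7un2JsHtLmBntn
JrBRXC7DAsKEEt4wxORUqdZY/Ssgiv9Drpx0YdQJGHY2IRJ61HJx/Jg4MfDFIgBx
gwIDAQAB
-----END PUBLIC KEY-----";
$appKey = "woCESHIAPP"; // identifies the calling app
// Shared secret: used only to compute the signature, never transmitted.
// NOTE(review): hard-coded here for the demo; a real client should not ship it in source.
$secretKey = "secret0ACCdg1lV";
// NOTE(review): plain http is fine for localhost; a deployed endpoint should use https.
$url = "http://localhost/test/server.php?";
$params["appKey"] = $appKey;
$params["orderId"] = 1;
$params["name"] = "shan";
$params["passWorld"] = "123456";
$params["time"] = time(); // timestamp the server uses for its freshness check
$queryString = http_build_query($params); // appKey=woCESHIAPP&orderId=1&name=shan&passWorld=123456&time=1572507143
$sign = getSign($params, $secretKey); // signature protecting parameter integrity
$queryString .= "&sign=" . $sign;
//$url .= $queryString;
// Encrypt the transmitted parameters with the public key.
// With no padding argument PHP uses PKCS#1 v1.5 padding, which limits the plaintext
// to (key size in bytes - 11); longer query strings make the call fail.
// NOTE(review): OPENSSL_PKCS1_OAEP_PADDING is the preferred padding, but it has to be
// switched on the client and the server together.
$encrypt = "";
if (!openssl_public_encrypt($queryString, $encrypt, $public)) {
    // Stop instead of emitting a URL with an empty "q" value.
    die("openssl_public_encrypt failed: " . openssl_error_string());
}
// The ciphertext is raw binary, so it must be URL-encoded before it goes into the query.
$encrypt = urlencode($encrypt);
$url .= "q=" . $encrypt;
print_r($url);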
//签名函数
/**
 * Compute the request signature on the client.
 *
 * The parameters are sorted by key, serialised with http_build_query(), the
 * shared secret is appended, and the MD5 hex digest of that string is returned.
 *
 * NOTE(review): md5(data . secret) is a weak keyed-hash construction; an HMAC
 * (hash_hmac with SHA-256) is the usual replacement, but the server has to
 * compute the signature the same way, so both sides must change together.
 *
 * @param array  $params    request parameters to sign
 * @param string $secretKey shared secret, never sent over the wire
 * @return string 32-character lowercase hex digest
 */
function getSign($params, $secretKey)
{
    // Sort by key so client and server serialise the parameters in the same order.
    ksort($params);
    $canonical = http_build_query($params);

    return md5($canonical . $secretKey);
}
2.服务端
<?php
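// Server side: decrypt the "q" parameter, check the timestamp, then verify the signature.
// NOTE(review): a private key embedded in source ends up in version control and backups;
// load it from protected storage outside the web root instead.
$private = "-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----";
//$params = $_GET;
//print_r($params);
// "q" is attacker-controlled: it may be missing or an array (q[]=...), so validate before use.
$query = isset($_GET['q']) ? $_GET['q'] : null;
if (!is_string($query) || $query === '') {
    echo "参数解密失败";die;
}
$decrypt = "";
// Check the return value: on failure $decrypt is not usable and must not be parsed.
if (!openssl_private_decrypt($query, $decrypt, $private)) {
    echo "参数解密失败";die;
}
$params = [];
parse_str($decrypt, $params);
if (empty($params)) {
    echo "参数解密失败";die;
}
// Validate request freshness: reject a missing or non-numeric timestamp, and anything
// 300 seconds or more away from the server clock.
// NOTE(review): a request can still be replayed inside that window; a one-time nonce
// stored server-side would be needed to prevent it.
if (!isset($params['time']) || !is_numeric($params['time']) || abs($params['time'] - time()) >= 300) {
    echo "请求超时";die;
}
$sign = getSign($params);
if ($sign['code'] !== "0") {
    echo $sign['msg'];die;
}
// Compare with hash_equals(): a loose != on hex digests treats strings such as "0e123"
// and "0e456" as equal numbers, and it is not constant-time. The is_string() guard keeps
// an array-valued "sign" from reaching hash_equals().
if (!isset($params['sign']) || !is_string($params['sign']) || !hash_equals($sign['sign'], $params['sign'])) {
    // parameters were modified
    echo "参数非法";die;
}
echo "success";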
//获取签名函数
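/**
 * Recompute the expected signature for a decrypted request on the server.
 *
 * The submitted "sign" entry is dropped, the remaining parameters are sorted by
 * key and serialised with http_build_query(), and the MD5 hex digest of that
 * string plus the per-app secret is returned.
 *
 * A missing, non-string or unregistered appKey is rejected with a non-"0" code.
 * Without that check the secret lookup yields null, the signature is computed
 * over the parameters alone, and a caller that does not know any secret could
 * produce a matching value.
 *
 * NOTE(review): md5(data . secret) is kept so signatures still match the client;
 * hash_hmac() with SHA-256 is the stronger construction but must be changed on
 * both sides together.
 *
 * @param array $params decrypted request parameters, including "appKey" and "sign"
 * @return array{code:string,msg:string,sign:string} code "0" on success, "1" on rejection
 */
function getSign($params)
{
    // Secret assigned to each registered client.
    $conf = [
        "woCESHIAPP" => "secret0ACCdg1lV",
    ];

    // is_string() also keeps an array-valued appKey (appKey[]=...) out of the array lookup.
    if (!isset($params['appKey']) || !is_string($params['appKey']) || !isset($conf[$params['appKey']])) {
        return [
            'code' => "1",
            'msg' => "参数非法",
            "sign" => '',
        ];
    }

    unset($params['sign']); // the submitted signature is not part of the signed data
    ksort($params); // fixed parameter order, matching the client
    $q = http_build_query($params);
    $sign = md5($q . $conf[$params['appKey']]);

    return [
        'code' => "0",
        'msg' => "success",
        "sign" => $sign,
    ];
}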